Managing Third-Party Risks Introduced by Vendor Relationships

These days no organization can completely avoid dealing with third parties; doing so gives them a competitive advantage, lower costs, and ultimately higher profits, but these relationships also present multiple risks. With the threat of security breaches, supply chain disruptions, data theft, or reputational damage stemming from third parties, it is essential for Read more…

Leverage Your GRC Platform for SOC 2 Compliance

Service Organization Control (SOC) reports have become more and more important to the world of information security and compliance since being introduced by the American Institute of CPAs (AICPA) in 2011. This is particularly the case for SOC 2, which focuses on availability, confidentiality, privacy, processing integrity, and security as its trust services criteria or Read more…

FedRAMP Low, Moderate, or High?

Which security baseline do you need under the Federal Risk and Authorization Management Program (FedRAMP)? Is it low, moderate, or high? While choosing to utilize cloud services has the added benefits of flexibility, increased collaboration, and lower upfront investments, it can also bring about increased risks, and for that reason, the US federal government has Read more…

FedRAMP Compliance: What’s in it for me?

While cloud solutions have made it possible to make computer systems more efficient and effective, the federal IT infrastructure has had a hard time adopting this innovation. Saddled by redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…

4-Step Guide to Performing an ISO 27001 Risk Analysis

Performing a risk assessment is a central part of the ISO 27001 process directed at implementing an ISMS (Information Security Management System). How could you protect any sort of environment without being fully aware of impending threats, the exposure level, and variables such as the likelihood of occurrence and the estimated level of impact? Understanding all Read more…

7 ways the GDPR affects your organization

If there is one thing the last couple of years have made clear, it is the lack of respect towards personal data privacy. From companies with inadequate security controls leading to improper management of sensitive information to businesses making a profit by selling clients’ information and even government agencies that like to play Big Brother. At Read more…

Why use standard agnostic controls in your compliance program

The adoption of a corporate-wide compliance program is one of the most demanding projects you may undertake. Furthermore, making the most of time-consuming tasks such as controls implementation requires not only experience and knowledge but also a holistic approach at the design level. Every organization is different. Standards were created keeping in mind that Read more…